radin/my-docs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
646ee01febd1eaa059bc6475dd6566a0545d9dfa
my-docs/Web Servers & Reverse Proxies/CertBot/temp.md
root 646ee01feb Certbot doc
2025-08-13 22:39:51 +03:30

95 lines
1.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# 🔐 Certbot SSL Certificate Management Guide
## 📦 Install Certbot
```bash
apt install certbot
```
Installs **Certbot**, the free tool to automatically obtain and manage SSL/TLS certificates from **Let's Encrypt**.
---
## 🖥️ Method 1 Standalone Mode
```bash
certbot certonly --standalone -d www.example.com
```
💡 **Standalone mode** runs its own temporary web server to complete the verification.
* Use when no web server (Apache/Nginx) is running on the same port.
* Certificates will be saved in:
* All versions: `/etc/letsencrypt/archive/`
* Latest version (symlink): `/etc/letsencrypt/live/`
---
## 🌐 Method 2 Webroot Mode
```bash
certbot certonly --webroot --webroot-path <path> -d <domain>
```
📌 **Webroot mode** places a verification file in your website's public directory.
* `<path>` = your website's document root (e.g., `/var/www/html`)
* Use when your site is already running and accessible.
---
## 🛠️ Method 3 Manual DNS Challenge
```bash
certbot certonly --manual --preferred-challenges dns -d <domain>
```
🔹 **DNS mode** requires you to manually add a TXT record to your domains DNS.
* Best for **wildcard** certificates (`*.example.com`)
* Works even without a running web server.
---
## ♻️ Renew Certificates
### Automatic Renewal
```bash
certbot renew
```
* Renews all certificates close to expiration.
### Force Renewal
```bash
certbot renew --force-renewal
```
* Renews certificates **immediately**, even if not expiring soon.
---
## 📅 Tips
* Certificates expire every **90 days** — always set up **auto-renew**.
* Test renewal without changes:
```bash
certbot renew --dry-run
```
* Restart your web server after renewal to apply new certificates:
```bash
systemctl restart nginx
# or
systemctl restart apache2
```
---
**With Certbot, your HTTPS setup can be fast, free, and automatic!** 🔒🚀
Reference in New Issue View Git Blame Copy Permalink